CVE-2018-19524

CRITICAL

Shenzhen Skyworth DT741 - DoS/Remote Code Execution

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19524. PoCs published by Kaustubh G. Padwad.

AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in the `Web_passwd` function of multiple Shenzhen Skyworth GPON devices, allowing unauthenticated remote code execution or denial of service via a crafted HTTP POST request with an overly long password parameter.

Description

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.

Exploits (1)

exploitdb WORKING POC
by Kaustubh G. Padwad · python · dos · asp
https://www.exploit-db.com/exploits/46358

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Shenzhen Skyworth DT741, DT721-cb, DT741-cb (multiple versions)
No auth needed
Prerequisites: Network access to the target device · Vulnerable GPON device with exposed web interface
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Feb/21
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46358/
Various Sources x_refsource_misc
https://s3curityb3ast.github.io/KSA-Dev-001.md
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Feb/30

Scores

CVSS v3 9.8
EPSS 0.5052
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-20
Status published
Products (3)
skyworthdigital/dt721-cb_firmware sdotbgn1
skyworthdigital/dt740_firmware sdotbgn1
skyworthdigital/dt741-cb_firmware sdotbgn1
Published Mar 21, 2019
Tracked Since Feb 18, 2026